By default, NSX Manager uses a self-signed Secure Sockets Layer (SSL) certificate. This certificate is not trusted by end-user devices or web browsers. It is a security best practice to replace this certificate with a certificate that is signed by a third-party or enterprise Certificate Authority (CA).

Table 1. Design Decisions on CA-Signed SSL Certificates for NSX

| Design ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| | Replace the NSX Manager certificate with a certificate signed by a third-party Public Key Infrastructure. | Ensures that communication between NSX administrators and the NSX Manager is encrypted by a trusted certificate. | Replacing and managing certificates is an operational overhead. |
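
A check to run after the replacement, as an added example that is not part of the original page or VMware's tooling: it uses the openssl CLI to classify a PEM certificate as self-signed, signed by a given CA, or untrusted. The host name `nsx-mgr.example.test`, the CA name, and all generated certificates are constructed sample data.

```shell
#!/bin/sh
# Added example: classify a PEM certificate with the openssl CLI.

# 0 if issuer == subject and the signature verifies with the cert's own key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    [ "$subj" = "$iss" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# 0 if cert ($2) chains to the CA bundle ($1). Note: openssl verify also
# consults its default CA directory in addition to -CAfile.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints self-signed, ca-signed or untrusted for cert ($2) against bundle ($1).
classify_cert() {
    if is_self_signed "$2"; then echo self-signed
    elif chains_to_ca "$1" "$2"; then echo ca-signed
    else echo untrusted
    fi
}

# Constructed sample data: an enterprise CA, a self-signed certificate standing
# in for the default one, and a CA-signed replacement for the same host name.
make_sample_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Enterprise CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=nsx-mgr.example.test" \
        -keyout "$d/default.key" -out "$d/default.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=nsx-mgr.example.test" \
        -keyout "$d/mgr.key" -out "$d/mgr.csr" 2>/dev/null
    openssl x509 -req -in "$d/mgr.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/mgr.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_certs "$tmp"
echo "default certificate:  $(classify_cert "$tmp/ca.pem" "$tmp/default.pem")"
echo "replaced certificate: $(classify_cert "$tmp/ca.pem" "$tmp/mgr.pem")"
rm -rf "$tmp"
```

To check a deployed appliance, save the certificate it presents to a PEM file and pass it as the second argument, with the enterprise CA bundle as the first.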